package com.abc.tacos.config;

import org.springframework.beans.factory.annotation.Autowired;
import org.springframework.context.annotation.Configuration;
import org.springframework.security.config.annotation.authentication.builders.AuthenticationManagerBuilder;
import org.springframework.security.config.annotation.web.builders.HttpSecurity;
import org.springframework.security.config.annotation.web.configuration.EnableWebSecurity;
import org.springframework.security.config.annotation.web.configuration.WebSecurityConfigurerAdapter;
import org.springframework.security.config.http.SessionCreationPolicy;
import org.springframework.security.core.userdetails.UserDetailsService;
import org.springframework.security.crypto.bcrypt.BCryptPasswordEncoder;

import javax.sql.DataSource;

/**
 * @author Kar
 * @create 2022-04-20 上午10:42
 */
@Configuration
@EnableWebSecurity
public class SecurityConfig extends WebSecurityConfigurerAdapter {
    // 1、使用httpbasic认证的方式
    // @Override
    // protected void configure(HttpSecurity http) throws Exception {
    //     http.httpBasic()//开启httpbasic认证
    //         .and().authorizeRequests().anyRequest().authenticated();//所有请求都需要登录认证才能访问
    //     http.sessionManagement().sessionCreationPolicy(SessionCreationPolicy.STATELESS);
    // }

    // 2、使用表单验证
    @Override
    protected void configure(HttpSecurity http) throws Exception {
        http.authorizeRequests() //允许基于HttpServletRequest使用限制访问
                .antMatchers("/Asuka")
                    //.authenticated() // 其他路径必须验证身份
                    .access("hasRole('USER')") // 验证角色信息
                //.antMatchers("/", "/home")
                //    .access("permitAll") //不需要身份认证
                .and()
                    .formLogin() // 使用表单登陆
                        // .loginPage("/login") // 自定义登陆页面
                        //.permitAll()
                .and()
                    .logout()   // 拦截"/logout"请求, 清除session数据
                        .logoutSuccessUrl("/")

                // Make H2-Console non-secured; for debug purposes
                // tag::csrfIgnore[]
                .and()
                    .csrf()
                        .ignoringAntMatchers("/h2-console/**")
                // end::csrfIgnore[]

                // Allow pages to be loaded in frames from the same origin; needed for H2-Console
                // tag::frameOptionsSameOrigin[]
                .and()
                    .headers()
                        .frameOptions()
                            .sameOrigin();
                // end::frameOptionsSameOrigin[]
    }

    // 1） 基于内存的用户存储
    //@Override
    //protected void configure(AuthenticationManagerBuilder auth) throws Exception {
    //    auth.inMemoryAuthentication()
    //            .withUser("Kar")
    //                .password("{noop}123456")
    //                .authorities("ROLE_USER")
    //            .and()
    //            .withUser("Eylin")
    //                .password("{noop}654321")
    //                .roles("USER");
    //}

    // 2） 基于JDBC的用户存储

    @Autowired
    private DataSource dataSource;

    @Override
    protected void configure(AuthenticationManagerBuilder auth) throws Exception {
        auth.jdbcAuthentication().dataSource(dataSource).passwordEncoder(new BCryptPasswordEncoder());
    }

}
